*BSD News Article 24733


Return to BSD News archive

Path: sserve!newshost.anu.edu.au!munnari.oz.au!news.Hawaii.Edu!ames!agate!howland.reston.ans.net!xlink.net!fauern!rrze.uni-erlangen.de!late.e-technik.uni-erlangen.de!eilts
From: eilts@late.e-technik.uni-erlangen.de (Hinrich Eilts)
Newsgroups: comp.os.386bsd.questions
Subject: Re: Security question
Date: Mon, 6 Dec 1993 09:19:26 GMT
Organization: LATE, Uni-Erlangen, Germany
Message-ID: <2duteuEig7@uni-erlangen.de>
References: <2dodgn$s9s@bigboote.WPI.EDU> <1993Dec4.065700.11472@news.csuohio.edu> <CGD.93Dec3232517@eden.CS.Berkeley.EDU>
NNTP-Posting-Host: late4.e-technik.uni-erlangen.de
Lines: 26

cgd@eden.CS.Berkeley.EDU (Chris G. Demetriou) writes:
>you have to do the following to make a PC secure:
>	(1) jumper the turbo and reset switches, so that users can't
>		change their settings
>	(2) have the power supply set up so that it's always on.
>		(i.e. remove the switch)
>	(3) seal the case in some way so that users can't phyically
>		open it.
>	(4) set your bios to boot off of c: before a:
>	(5) set the bios passwd, so users can't change it.
>	(6) adjust the boot block so that it doesn't accept input
>		regarding boot device and the debugging flag
>	(7) set up init so that single-user boots are 'secure' (man ttys
>		for more info).

(8) lock SCSI-bus

to (2): there are plugs, fuses, ..., also
to (8): it's only neccessary if your kernel allows booting from an
(external) SCSI-device.

But, of course, there is (x), the unknown ...
-- 
              Bye                                 | G i b   D O S |
                   Hinrich Eilts                  | k  e  i  n  e |
  (e-mail: eilts@late.e-technik.uni-erlangen.de)  | C h a n c e ! |